planet.webkitgtk.org
webkit.org
GNOME.org
WebKitGTK

WebKitGTK and WPE WebKit Security Advisory WSA-2025-0005

Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.

  • CVE-2025-24189
    • Versions affected: WebKitGTK and WPE WebKit before 2.48.0.
    • Credit to an anonymous researcher.
    • Impact: Processing maliciously crafted web content may lead to memory corruption. Description: The issue was addressed with improved checks.
    • WebKit Bugzilla: 284332
  • CVE-2025-31273
    • Versions affected: WebKitGTK and WPE WebKit before 2.48.5.
    • Credit to Yuhao Hu, Yan Kang, Chenggang Wu, and Xiaojie Wei.
    • Impact: Processing maliciously crafted web content may lead to memory corruption. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 293579
  • CVE-2025-31278
    • Versions affected: WebKitGTK and WPE WebKit before 2.48.5.
    • Credit to Yuhao Hu, Yan Kang, Chenggang Wu, and Xiaojie Wei.
    • Impact: Processing maliciously crafted web content may lead to memory corruption. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 291742
  • CVE-2025-43211
    • Versions affected: WebKitGTK and WPE WebKit before 2.48.5.
    • Credit to Yuhao Hu, Yan Kang, Chenggang Wu, and Xiaojie Wei.
    • Impact: Processing web content may lead to a denial-of-service. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 293730
  • CVE-2025-43212
    • Versions affected: WebKitGTK and WPE WebKit before 2.48.5.
    • Credit to Nan Wang (@eternalsakura13) and Ziling Chen.
    • Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 293197
  • CVE-2025-43216
    • Versions affected: WebKitGTK and WPE WebKit before 2.48.5.
    • Credit to Ignacio Sanmillan (@ulexec).
    • Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash. Description: A use-after-free issue was addressed with improved memory management.
    • WebKit Bugzilla: 295382
  • CVE-2025-43227
    • Versions affected: WebKitGTK and WPE WebKit before 2.48.5.
    • Credit to Gilad Moav.
    • Impact: Processing maliciously crafted web content may disclose sensitive user information. Description: This issue was addressed through improved state management.
    • WebKit Bugzilla: 292888
  • CVE-2025-43228
    • Versions affected: WebKitGTK and WPE WebKit before 2.48.5.
    • Credit to Jaydev Ahire.
    • Impact: Visiting a malicious website may lead to address bar spoofing. Description: The issue was addressed with improved UI.
    • WebKit Bugzilla: 294374
  • CVE-2025-43240
    • Versions affected: WebKitGTK and WPE WebKit before 2.48.5.
    • Credit to Syarif Muhammad Sajjad.
    • Impact: A download’s origin may be incorrectly associated. Description: A logic issue was addressed with improved checks.
    • WebKit Bugzilla: 293994
  • CVE-2025-43265
    • Versions affected: WebKitGTK and WPE WebKit before 2.48.5.
    • Credit to HexRabbit (@h3xr4bb1t) from DEVCORE Research Team.
    • Impact: Processing maliciously crafted web content may disclose internal states of the app. Description: An out-of-bounds read was addressed with improved input validation.
    • WebKit Bugzilla: 294182
  • CVE-2025-6558
    • Versions affected: WebKitGTK and WPE WebKit before 2.48.5.
    • Credit to Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group.
    • Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash. Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at.
    • WebKit Bugzilla: 296459

We recommend updating to the latest stable versions of WebKitGTK and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases.

Further information about WebKitGTK and WPE WebKit security advisories can be found at: webkitgtk.org/security.html or wpewebkit.org/security.

Latest News
Security Advisories
Releases
Documentation
Contact
Contribute